（NAT64）IPv6网络用户访问IPv4网络服务器(动态映射方式)

1.实验拓扑

2.配置

[FW1]dis cu
2025-05-29 10:44:44.030 
!Software Version V500R005C10SPC300
#
sysname FW1
#
ipv6
#
 nat64 prefix 3001:: 96
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 1.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/1
 undo shutdown
 ipv6 enable
 ipv6 address 2001::1/64
 nat64 enable
#
firewall zone trust
 set priority 85
 add interface GigabitEthernet0/0/0
 add interface GigabitEthernet1/0/0
#
firewall zone untrust
 set priority 5
 add interface GigabitEthernet1/0/1
#
nat address-group 1 0
 mode pat
 section 0 1.1.1.6 1.1.1.10
#
security-policy
 rule name untrust->trust
  source-zone untrust
  destination-zone trust
  source-address 2001:: 64
  action permit
#
nat-policy
 rule name nat64
  source-zone untrust
  destination-zone trust
  source-address 2001:: 64
  nat-type nat64
  action source-nat address-group 1
#

3.重点配置

[FW1]int g1/0/1

[FW1-GigabitEthernet1/0/1]ipv6  enable 

[FW1-GigabitEthernet1/0/1]ipv6  add 2001::1 64

[FW1-GigabitEthernet1/0/1]nat64 enable 

[FW1]nat64 prefix  3001:: 96

[FW1-policy-security]di th
2025-05-29 10:54:31.080 
#
security-policy
 rule name untrust->trust
  source-zone untrust
  destination-zone trust
  source-address 2001:: 64
  action permit

[FW1]nat address-group  1
[FW1-address-group-1]mode  pat 
[FW1-address-group-1]section  1.1.1.6 1.1.1.10

[FW1-policy-nat]di th
2025-05-29 10:55:32.270 
#
nat-policy
 rule name nat64
  source-zone untrust
  destination-zone trust
  source-address 2001:: 64
  nat-type nat64
  action source-nat address-group 1

4.实验验证

5.重点